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DETAILED ACTION 

1 . This action is responding to application papers filed 6-26-2003. 

2. Claims 1 - 25 are pending. Claims 1, 10, 19 are independent. 

Claim Rejections • 35 USC § 103 

3. The following is a quotation of 35 U.S. C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 1 - 7, 9 - 16, 18 - 22, 24, 25 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Morlconi et al. (US PGPUB No. 20030115322) in view of Singhal et 
al. (US Patent No. 20050021818). 

Regarding Claims 1,19, Moriconi discloses a method, computer-usable medium 
having computer-readable program code embodied therein for causing a computer 
system to perform a method of controlling access to resources, said method comprising: 
b) receiving a request for access to said resource, said request comprising said 
requester identifying information; (see Moriconi paragraph [0050], lines 1-5: 
program, computer usable medium; paragraph [0068], lines 1-3: access request 
processed, subject or requestor identified) and 
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Moriconi discloses storing a policy definition for a resource in local memory, said 
policy decision based on a policy definition governing access to said resource and 
on requester identifying information provided to said source, and evaluating said 
request using said policy decision in said local memory instead of referring said 
request to said source for evaluation, (see Moriconi paragraph [0068], lines 4-9: 
process or evaluate access request; paragraph [0076], lines 16-19; paragraph 
[0024], lines 1-9: policy definition processed locally or by local security policy, policy 
definition local client security policy stored within local memory, access policy based 
on subject or requestor identification) Moriconi does not specifically disclose a 
policy decision for a resource in local memory, said policy decision received from a 
source of policy definitions, said policy decision based on a policy definition 
governing access to said resource. 
However, Singhal discloses: 

a) a policy decision for a resource in local memory, said policy decision received 
from a source of policy definitions, said policy decision based on a policy 
definition governing access to said resource; (see Singhal paragraph [0062], 
lines 7-1 1 : policy decision storage in local memory) 

c) evaluating said request using said policy decision in said local memory (see 
Singhal paragraph [0062], lines 7-1 1 : storage policy decision parameter in local 
memory) 

It would have been obvious to one of ordinary skill in the art to have modified 
Moriconi as taught by Singhal to enable the usage of a policy decision for a resource 
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in local memory, said policy decision received from a source of policy definitions, 
said policy decision based on a policy definition governing access to said resource. 
One of ordinary skill in the art would have been motivated to employ the teachings of 
Singhal in order to enable the provisioning of better services by content providers, 
(see Singhal paragraph [0062], lines 1-6: " ... provide content providers 106, third 
party application providers 108 and partner portals 110 with more information about 
the user and network capabilities to enable provision of better services, inline 
context injection is done in the HTTP header by HTTP application handler 208 ...") 

Regarding Claims 2, 11, 20, Moriconi discloses the method and computer usable 
medium of claims 1,10, 19 wherein said resource is affiliated with another resource, 
and wherein further a policy decision for said other resource is received from said 
source and stored in local memory, (see Moriconi paragraph [0050], lines 1-5: program, 
computer usable medium; paragraph [0024], lines 1-9: local client security policy to a 
client, policy definition within local memory; paragraph [0056], lines 1-12: linked 
resources, policy for 2nd resource based on 1st resource) Moriconi does not 
specifically disclose the processing of a policy decision. However, Singhal discloses 
wherein a policy decision for said other resource, (see Singhal paragraph [0062], lines 
7-1 1 : local memory storage of policy decision) 

It would have been obvious to one of ordinary skill in the art to have modified 
Moriconi as taught by Singhal to enable the usage of a policy decision parameter within 
a security management environment One of ordinary skill in the art would have been 
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motivated to employ the teachings of Singhal in order to enable the provisioning of 
better services by content providers, (see Singhal paragraph [0062], lines 1-6) 

Regarding Claims 3, 12, 21, Moriconi discloses the method, computer usable medium 
wherein said computer-readable program code embodied therein causes said computer 
system of claims 1,10, 19 further comprising: receiving from said source a notification 
of a change in said policy definition, (see Moriconi paragraph [0082], lines 3-10: update 
distribution or notification of change in policy definition) 

Regarding Claims 4, 13, Moriconi discloses the method of claims 3, 12 wherein said 
notification identifies resources affected by said change, (see Moriconi paragraph 
[0082], lines 7-10: only changes to policy definition are incorporated and transmitted) 

Regarding Claims 5, 14, Moriconi discloses the method of claims 3, 12 wherein said 
notification also comprises an updated version of said policy definition based on said 
change, (see Moriconi paragraph [0082], lines 1-3: updated version of policy definition; 
paragraph [0082], lines 7-13: updated version transmitted to clients) Moriconi does not 
specifically disclose the processing of a policy decision. However, Singhal discloses 
wherein said policy decision, (see Singhal paragraph [0062], lines 7-1 1 : local memory 
storage of policy decision) 

It would have been obvious to one of ordinary skill in the art to have modified 
Moriconi as taught by Singhal to enable the usage of a policy decision parameter within 
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a security management environment. One of ordinary skill in the art would have been 
motivated to employ the teachings of Singhal in order to enable the provisioning of 
better services by content providers, (see Singhal paragraph [0062], lines 1-6) 



Regarding Claims 6, 15, Moriconi discloses the method of claims 3, 12 further 
comprising: 

Moriconi discloses wherein marking said policy decision subject to said change, and 
requesting an updated version of said policy decision in response to a subsequent 
request for said resource, (see Moriconi paragraph [0082], lines 3-10: updated 
version of policy information for specific users; paragraph [0174], lines 1-5: request 
for policy change information). Moriconi does not specifically disclose the 
processing of a policy decision. 
However, Singhal discloses: 

a) said policy decision subject to said change; (see Singhal paragraph [0062], lines 
7-1 1 : local memory or storage of policy decision) 

b) said policy decision in response to a subsequent request, (see Singhal 
paragraph [0062], lines 7-1 1 : local memory or storage of policy decision) 

It would have been obvious to one of ordinary skill in the art to have modified 
Moriconi as taught by Singhal to enable the usage of a policy decision parameter 
within a security management environment. One of ordinary skill in the art would 
have been motivated to employ the teachings of Singhal in order to enable the 
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provisioning of better services by content providers, (see Singhal paragraph [0062], 
lines 1-6) 

Regarding Claims 7, 16, Moriconi discloses the method of claims 1, 10 further 
comprising: sending a message to said source, said message requesting updates for 
policy definitions stored in said memory, (see Moriconi paragraph [0024], lines 1-9: 
local client security policy transmitted to a client, policy definition within local memory; 
paragraph [01 74], lines 1 -5: request to server for policy change information) Moriconi 
does not specifically disclose processing security information utilizing a policy decision 
parameter. However, Singhal discloses wherein policy decisions stored in said 
memory, (see Singhal paragraph [0062], lines 7-1 1 : local memory storage of policy 
decision) 

It would have been obvious to one of ordinary skill in the art to have modified 
Moriconi as taught by Singhal to enable the usage of a policy decision parameter within 
a security management environment. One of ordinary skill in the art would have been 
motivated to employ the teachings of Singhal in order to enable the provisioning of 
better services by content providers, (see Singhal paragraph [0062], lines 1-6) 

Regarding Claims 9, 24, Moriconi discloses the method, computer usable medium of 
claims 1, 19 wherein a condition associated with said policy definition is also received 
from said source and stored locally, wherein said condition is enforced locally, (see 
Moriconi paragraph [0024], lines 1-9: local client security policy transmitted to a client, 
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policy definition within local memory; paragraph [0047], lines 17-20: policy enforced 
locally) 

Regarding Claims 10, 25, Moriconi discloses a method of controlling access to 
resources, said method comprising: 

a) receiving a request for access to a resource, said request comprising requestor 
identifying information, wherein said request is referred to a source of a policy 
definition that governs access to said resource for evaluation; (see Moriconi 
paragraph [0068], lines 1-3: access request processed, subject or requestor 
identified) 

b) receiving from said source a policy decision for said resource, said policy 
decision based on said policy definition and said requestor identifying 
information; (see Moriconi paragraph [0068], lines 4-9: policy decision 
determined) and 

Moriconi discloses wherein storing said policy decision in local memory, wherein a 
subsequent request for said resource is evaluated locally using said policy decision 
stored in memory, (see Moriconi paragraph [0076], lines 16-19: policy definition in 
local memory; paragraph [0047], lines 15-20: policy definition enforced based on 
local security policy or locally) Moriconi does not specifically disclose processing 
security information utilizing a policy decision parameter. 
However, Singhal discloses: 
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c) storing said policy decision in local memory, (see Singhal paragraph [0062], lines 
7-1 1 : local memory storage of policy decision) 
It would have been obvious to one of ordinary skill in the art to have modified 
Moriconi as taught by Singhal to enable the usage of a policy decision parameter 
within a security management environment. One of ordinary skill in the art would 
have been motivated to employ the teachings of Singhal in order to enable the 
provisioning of better services by content providers, (see Singhal paragraph [0062], 
lines 1-6) 



Regarding Claim 18, Moriconi discloses the method of claim 10 further comprising: 
receiving from said source a condition associated with said policy definition, wherein 
said condition is enforced locally, (see Moriconi paragraph [0047], lines 15-20: policy 
definition enforced based on local security policy or locally) 

Regarding Claim 22, Moriconi discloses the computer-usable medium of claim 19 
wherein said computer-readable program code embodied therein causes said computer 
system to perform said method comprising: sending a message to said source, said 
message requesting updates for policy definitions stored in said memory, (see Moriconi 
paragraph [0174], lines 1-5: request updates to policy definitions) Moriconi does not 
specifically disclose processing security information utilizing a policy decision 
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parameter. However, Singhal discloses wherein policy decisions stored in said 
memory, (see Singhal paragraph [0062], lines 7-11: local memory storage of policy 
decision) 

It would have been obvious to one of ordinary skill in the art to have modified 
Moriconi as taught by Singhal to enable the usage of a policy decision parameter within 
a security management environment. One of ordinary skill in the art would have been 
motivated to employ the teachings of Singhal in order to enable the provisioning of 
better services by content providers, (see Singhal paragraph [0062], lines 1-6) 

5. Claims 8, 17, 23 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Moriconi-Singhal and further in view of Chakraborty et al. (US Patent No. 
20040054791). 

Regarding Claim 8, Moriconi discloses the method of claim 1 wherein said policy 
definition is valid is also received from said source and stored locally, (see Moriconi 
paragraph [0081], lines 1-5: policy definition is valid; paragraph [0047], lines 15-20; 
paragraph [0076], lines 16-19: policy received, received and stored locally) Moriconi not 
specifically disclose processing security information utilizing a policy decision 
parameter. However, Singhal discloses wherein said policy decision, (see Singhal 
paragraph [0062], lines 7-11: local memory storage of policy decision) 

It would have been obvious to one of ordinary skill in the art to have modified 
Moriconi as taught by Singhal to enable the usage of a policy decision parameter within 
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a security management environment. One of ordinary skill in the art would have been 
motivated to employ the teachings of Singhal in order to enable the provisioning of 
better services by content providers, (see Singhal paragraph [0062], lines 1-6) 
Moriconi-Singhal does not specifically disclose an expiration time for policy 
decision. However, Chakraborty discloses wherein a period of time said policy 
information is valid, (see Chakraborty paragraph [0016], lines 4-9; paragraph [0019], 
lines 6-12: security policy information processing; paragraph [0051], lines 2-3; 
paragraph [0053], lines 5-7: policy information with time based expiration condition or 
period of time policy information valid) 

It would have been obvious to one of ordinary skill in the art to have modified 
Moriconi-Singhal as taught by Chakraborty to enable the usage of a period of time 
policy information is valid. One of ordinary skill in the art would have been motivated to 
employ the teachings of Chakraborty in order to enable the sharing of the same core 
policy library across various web servers, (see Chakraborty paragraph [0020], lines 1- 
6: "... allows users to configure multiple instances of the same web server with an 
already installed version of the agent Instead of reinstalling multiple copies of the 
shared library or dynamically linked library, the same core policy library is shared across 
various web servers ...') 

Regarding Claim 17, Moriconi discloses the method of claim 10 further comprising: 
receiving information that identifies said policy definition is valid, (see Moriconi 
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paragraph [0081], lines 1-5: determine policy definition valid) Singhal does not 
specifically disclose processing security information utilizing a policy decision 
parameter. However, Singhal discloses wherein said policy decision, (see Singhal 
paragraph [0062], lines 7-1 1 : local memory storage of policy decision) 

It would have been obvious to one of ordinary skill in the art to have modified 
Moriconi as taught by Singhal to enable the usage of a policy decision parameter within 
a security management environment. One of ordinary skill in the art would have been 
motivated to employ the teachings of Singhal in order to enable the provisioning of 
better services by content providers, (see Singhal paragraph [0062], lines 1-6) 

Moriconi-Singhal does not specifically disclose an expiration time for policy 
decision. However, Chakraborty discloses wherein a period of time said policy 
information is valid, (see Chakraborty paragraph [0016], lines 4-9; paragraph [0019], 
lines 6-12: security policy information processing; paragraph [0051], lines 2-3; 
paragraph [0053], lines 5-7: policy information, time based expiration condition or period 
of time policy information is valid) 

It would have been obvious to one of ordinary skill in the art to have modified 
Moriconi-Singhal as taught by Chakraborty to enable the usage of a period of time 
policy information is valid. One of ordinary skill in the art would have been motivated to 
employ the teachings of Chakraborty in order to enable the sharing of the same core 
policy library across various web servers, (see Chakraborty paragraph [0020], lines 1- 
6: " . . . allows users to configure multiple instances of the same web server with an 
already installed version of the agent. Instead of reinstalling multiple copies of the 
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shared library or dynamically linked library, the same core policy library is shared across 
various web servers ...") 

Regarding Claim 23, Moriconi discloses the computer-usable medium of claim 19 
wherein a policy definition is valid, is also received from said source, and stored locally, 
(see Moriconi paragraph [0024], lines 1-6: policy definition, stored locally within local 
client security policy transmitted to a client) Singhal does not specifically disclose 
processing security information utilizing a policy decision parameter. However, Singhal 
discloses wherein said policy decision, (see Singhal paragraph [0062], lines 7-1 1 : local 
memory or storage of policy decision) 

It would have been obvious to one of ordinary skill in the art to have modified 
Moriconi as taught by Singhal to enable the usage of a policy decision parameter within 
a security management environment. One of ordinary skill in the art would have been 
motivated to employ the teachings of Singhal in order to enable the provisioning of 
better services by content providers, (see Singhal paragraph [0062], lines 1 -6) 

Moriconi-Singhal does not specifically disclose an expiration time for policy 
decision. However, Chakraborty discloses wherein a period of time said policy decision 
is valid, (see Chakraborty paragraph [0016], lines 4-9; paragraph [0019], lines 6-12: 
security policy information processing; paragraph [0051], lines 2-3; paragraph [0053], 
lines 5-7: policy information with time based expiration condition or period of time policy 
information is valid) 
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It would have been obvious to one of ordinary skill in the art to have modified 
Moriconi-Singhal as taught by Chakraborty to enable the usage of a period of time 
policy information is valid. One of ordinary skill in the art would have been motivated to 
employ the teachings of Chakraborty in order to enable the sharing of the same core 
policy library across various web servers, (see Chakraborty paragraph [0020], lines 1- 
6) 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Carlton Johnson whose telephone number is 571-270- 
1032. The examiner can normally be reached Monday through Friday from 8:00AM to 
5:00PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami, can be reached on 571-272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
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you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



NASSER MOAZZAMI 

Carlton Johnson Q , IPPR visoRY patent examiner 

September 1 1 , 2006 technology center 2100 



